1 Reply Latest reply on Nov 18, 2001 2:39 AM by Allen Fogleson

    method permissions

    Ben Litchfield Newbie

      Could someone explain to me what the behavior should be when an EJB is declared in the ejb-jar.xml and there is no <method-permission> tags at all.

      Does that mean any user can call methods on that bean or that nobody can call methods on that bean.

        • 1. Re: method permissions
          Allen Fogleson Newbie

          hmm depends on the security setup I believe. For instance I have 2 jars...

          one (lets call it secure.jar) has beans which can only be accessed by authorized users.

          the other has beans which anyone can access. (lets call it insecure.jar)

          what i do in secure.jar is add a jboss.xml with security information, and add method permissions. I believe, that in this case NOONE will be allowed access if you do not decalre method permissions. (since it has a security context and the permission is blank... makes sense. I havent tried this one).

          In insecure.jar i do NOT add any jboss.xml so method permissions are of no consequence, there is no way to tell WHO is accessing the bean. I know in this case anyone can. Since I have a bean just like this. No roles, so no way to set permissions.

          Best way to tell in the other case is to try it and see what happens. :)